Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Cybersecurity
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
OX Security found DPRK-linked npm packages using postinstall hooks to deploy a keylogging infostealer that exfiltrates credentials via the Hugging Face API.
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Aikido Security found deleted Google API legacy keys stay functional up to 23 minutes after revocation, a significant window during active incident response.
Application Security
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Google published PoC exploit code for an unpatched 42-month Chromium Service Worker flaw enabling persistent JavaScript execution after the browser is closed.
Cybersecurity
Texas AG Sues Meta Over WhatsApp Encryption Claims
Texas AG Ken Paxton sued Meta and WhatsApp in May 2026, alleging the companies falsely claimed end-to-end encryption while retaining private message access.
Application Security
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
SHADOW-WATER-063 deploys Banana RAT via fraudulent Brazilian NF-e invoice lures, hijacking Pix QR codes to redirect instant payments to attacker-held accounts.
Cybersecurity
UNG0002 Hides Cobalt Strike in macOS Folder Structures
Seqrite Labs exposed UNG0002 hiding Cobalt Strike inside macOS-style nested folder structures to evade Windows scanners while targeting Changzhou University.
Application Security
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
CRIL documented INJ3CTOR3 deploying new JOMANGY webshell alongside a six-layer self-healing persistence mechanism against FreePBX VoIP systems for toll fraud.
Cybersecurity
Operation Dragon Whistle Uses VS Code Tunnels as C2
Operation Dragon Whistle abuses Visual Studio Code Remote Tunnels as a C2 channel, targeting Pakistani surveillance infrastructure and a Chinese university.
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
CVE-2026-20223 lets unauthenticated remote attackers gain full Site Admin access to Cisco Secure Workload; no credentials or user interaction are required.
Application Security
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
Researcher Vega publicly disclosed nginx-poolslip, an unpatched RCE zero-day in NGINX 1.31.0 that bypasses ASLR and threatens tens of millions of servers.
Cybersecurity
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Sophos CTU analysis reveals WantToCry ransomware encrypts files off-device via brute-forced SMB sessions, leaving no local binary for EDR tools to detect.
Cybersecurity
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
Two U.S. telecom executives pleaded guilty to concealing a six-year tech-support fraud scheme that cost Americans an estimated $2.1 billion annually.
Application Security
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
Cisco Talos exposed BadIIS, a Chinese-speaking MaaS platform hijacking IIS servers to redirect traffic and manipulate search rankings since 2021.
Cybersecurity
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
Varonis Threat Labs disclosed GhostTree, an NTFS junction loop technique that causes Windows Defender to hang and fail to detect hidden malware files.
Cybersecurity
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
K7 Security Labs found SilverFox APT serving ValleyRAT via trojanized Teams installers on teams-securecall.com, targeting credentials and crypto wallets.
Application Security
TamperedChef Hides Malware Inside Signed Apps
Palo Alto's Unit 42 documented TamperedChef, a signed-app malware campaign with 12,000 global infections using digitally signed certificates to evade detection.
Application Security
Chrome 148 Patches Critical WebRTC Use-After-Free
Google patched 16 Chrome vulnerabilities including critical CVE-2026-9111, a WebRTC use-after-free enabling drive-by exploitation without user interaction.
CVE Vulnerability Alerts
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
FortiGuard found P2PInfect enrolled enterprise GKE Kubernetes clusters for six months undetected via exposed Redis instances and a 2022 CVSS 10.0 flaw.
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Group-IB identified five dark web brokers posting 500–1,000 fake corporate breach ads monthly using recycled Facebook 2021, Eatigo, and Truecaller leak data.
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Hackers spent 77 days inside NYC Health + Hospitals via a vendor breach, stealing fingerprints, medical records, and SSNs from 1.8 million patients.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
Poland abandoned Signal after Russian APTs compromised officials' accounts via fake support calls and malicious QR codes that bypassed its encryption.
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead of passwords.
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
Webworm, a China-aligned APT, deployed EchoCreep and GraphWorm backdoors that abuse Discord and Microsoft OneDrive as C2 channels against government targets.